
5337 matches found

NVD
added 2026/06/09 5:17 p.m., 16 views

CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVSS 8.8 | EPSS 0.01388
Exploits 0 | References 6
Debian CVE
added 2026/06/09 4:3 p.m., 7 views

CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVSS 8.8 | AI score 5.9 | EPSS 0.01388
Exploits 0
Vulnrichment
added 2026/06/09 4:3 p.m., 5 views

CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to a Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

AI score 5.5 | EPSS 0.00351
Exploits 0 | References 5
CVE
added 2026/06/09 4:3 p.m., 20 views

CVE-2026-42768

The CVE-2026-42768 issue concerns Bleichenbacher-style side-channel attacks against CMS_decrypt() and PKCS7_decrypt() in OpenSSL. The vulnerability arises when processing CMS or S/MIME messages with multiple RecipientInfo entries (KTRI). In variant 1, decryption is attempted without a recipient c...

CVSS 3.7 | AI score 5.5 | EPSS 0.00351
Exploits 0 | References 5 | Affected Software 1
Debian CVE
added 2026/06/09 4:3 p.m., 14 views

CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism, allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

CVSS 7.4 | AI score 5.6 | EPSS 0.00204
Exploits 0
Akamai Blog
added 2026/06/09 1:0 p.m., 5 views

Post-Quantum Cryptography Is Coming, but Your DNS Might Not Be Ready

Learn why crypto-agility depends not just on adopting the right standards, but on maintaining a clear, unified view of your DNS environment before the migration begins...

AI score 5.5
Exploits 0
RedHat Linux
added 2026/06/09 11:19 a.m., 4 views

cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API

A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update. A remote attacker could exploit this to cause a buffer overflow, potentially leading t...

CVSS 9.8 | AI score 5.6 | EPSS 0.00525
Exploits 0 | References 7
RedHat Linux
added 2026/06/09 11:19 a.m., 4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00449
Exploits 0 | References 8
RedHat Linux
added 2026/06/09 11:18 a.m., 4 views

cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API

A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update. A remote attacker could exploit this to cause a buffer overflow, potentially leading t...

CVSS 9.8 | AI score 5.6 | EPSS 0.00525
Exploits 0 | References 7
RedHat Linux
added 2026/06/09 7:7 a.m., 6 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for...

CVSS 7.5 | AI score 5.4 | EPSS 0.00349
Exploits 0 | References 8
CNNVD
added 2026/06/09 12:0 a.m., 3 views

OpenSSL Buffer Error Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer (SSLv2/v3) and Secure Transport Layer (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVSS 8.1 | AI score 5.9 | EPSS 0.00324
Exploits 0 | References 1
CNNVD
added 2026/06/09 12:0 a.m., 4 views

OpenSSL Resource Management Error Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer (SSLv2/v3) and Secure Transport Layer (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVSS 8.8 | AI score 5.9 | EPSS 0.01388
Exploits 0 | References 1
Tenable Nessus
added 2026/06/09 12:0 a.m., 6 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2209)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431); nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629); bonding: limit BOND_MODE_8023AD to...

CVSS 9.8 | AI score 7 | EPSS 0.75521
Exploits 229 | References 88
Packet Storm News
added 2026/06/09 12:0 a.m., 4 views

Certification of Network Quantum Sensing

The distribution of quantum sensors on quantum networks is a key enabler of quantum technologies in interferometry, gravimetry, timekeeping, biological monitoring, and beyond. Yet, guaranteeing the security of these distributed sensors over noisy, insecure networks remains a formidable challenge...

AI score 5.7
Exploits 0
Packet Storm News
added 2026/06/09 12:0 a.m., 5 views

OpenSSL Toolkit 4.0.1

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 4.0 release...

CVSS 9.8 | AI score 5.4 | EPSS 0.01388
Exploits 0
Cvelist
added 2026/06/08 3:15 p.m., 35 views

CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue...

CVSS 6.9 | EPSS 0.00182
Exploits 0 | References 2
Vulnrichment
added 2026/06/08 3:15 p.m., 5 views

CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue...

CVSS 6.9 | AI score 5.3 | EPSS 0.00182
Exploits 0 | References 2
OSV
added 2026/06/08 7:54 a.m., 6 views

ROOT-APP-PYPI-CVE-2026-39892 CVE-2026-39892 in rootio-cryptography - Patched by Root

Root has patched CVE-2026-39892 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...

CVSS 5.3 | AI score 5.8 | EPSS 0.00525
Exploits 0
Amazon
added 2026/06/08 12:0 a.m., 7 views

Medium: bouncycastle

Issue Overview: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84. CVE-2026-5588 Affected...

CVSS 6.3 | AI score 7.1 | EPSS 0.00259
Exploits 0
Tenable Nessus
added 2026/06/08 12:0 a.m., 4 views

RHEL 10 : podman (RHSA-2026:24470)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24470 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

CVSS 7.5 | AI score 5.8 | EPSS 0.00449
Exploits 0 | References 8